FINRA 2016 Regulatory and Examination Priorities: Proactive Oversight of Risk and Violations is Key
On January 5, 2016, FINRA kicked off the new year by publishing the annual FINRA 2016 Regulatory and Examination Priorities letter. This year’s letter highlights three broad topics of significant importance to FINRA: (1) supervision, (2) risk management and controls, and (3) liquidity, but FINRA has made it clear that supervision and risk – and how they tie in to firm culture – are a top priority.
In this blog post we’ll explore the topic of supervision and risk in greater detail.
Supervision, Risk Management and Controls
FINRA’s 2016 Regulatory and Examination Priorities indicate that rules create an obligation for firms to establish and maintain a system to supervise the activities of their associated persons that is designed to achieve compliance with securities laws and regulations. As such, FINRA has specified that examinations in 2016 will emphasize four areas that are key to compliance: (1) anti-money laundering (AML), (2) cybersecurity, (3) the management of conflicts of interest and technology management, and (4) outsourcing and data quality. FINRA posits that compliance across these four areas starts at the top with a firm’s leadership, and with the culture of compliance that is promulgated as a result.
Given the increased emphasis on firm culture, FINRA will formalize its assessments in this area to better understand how culture impacts compliance and risk management by exploring these five indicators:
- whether control functions are valued within the organization
- whether policy or control breaches are tolerated
- whether the organization proactively seeks to identify risk and compliance events
- whether immediate managers are effective role models of firm culture
- whether sub-cultures that may not conform to overall corporate culture are identified and addressed
We’d like to highlight and further discuss one of these areas, the proactive identification of risk and compliance events, which could pose a significant challenge to unprepared firms.
Proactive Identification of Risk and Violations: A Tough Nut to Crack
Historically, risk and violation identification and oversight were relatively simple: compliance teams employed standard processes that facilitated the detection of risks related to potential regulatory violations. These processes were deployed against a relatively small dataset, electronic communications such as email for instance, and were more or less effective at detecting risk and violations.
But the information landscape has evolved radically over the past 5 years. The volume of information subject to oversight has grown substantially, as electronic communications have won out as the primary means of communication. Further, the variety of information has grown, as firms are now responsible for oversight of not just email, but of a mind-boggling number of different information types across a variety of communications technologies such as instant messaging, social media, and enterprise collaboration. And while it is challenging to properly perform oversight on so much information, it’s no longer sufficient to examine electronic communications independently of other types of information such as trades and transactions. Reviewing electronic communications alongside other information could prove extremely valuable, but existing processes are simply not capable of such an analysis.
The root of the problem is that while the landscape has changed dramatically, the compliance processes in place have not, and compliance teams are struggling as a result. Oftentimes, this leaves compliance teams feeling overwhelmed, ineffective, and reactive.
As FINRA places increased emphasis on the need to proactively identify risk and compliance events, it becomes clear that compliance teams must supplement their portfolio of processes with tools that can help them meet FINRA’s expectations in this regard.
A New Approach to Proactive Identification of Risk and Violations
In order for compliance teams to shift from reactive risk and violation mitigation to proactive identification, firms must consider new methodologies by which to manage risk and compliance events. Simply put, the status quo processes that were sufficient ten years ago aren’t adequate in today’s landscape, and so a new approach is needed. Consider how the list below could help you to better and more proactively manage risk and violations:
- Focusing on more than just electronic communications when examining risk and violations. What insights could be uncovered if electronic communications are correlated with information such as trades, IOIs, call logs, network access, etc.?
- Tracking behaviors, patterns and relationships in information generated between internal employees and between employees and external parties. Could flagging deviations from an established baseline indicate areas of interest?
- Creating risk profiles for your employees. Is there value in readily knowing which employees possess the greatest likelihood for compliance violations?
- Leveraging the latest data science-based techniques, such as natural language processing (NLP) and machine learning, to more accurately pinpoint risks and potential violations. Are status quo means of risk and violation detection still truly effective at your firm?
At Panalytics, we’re providing the next generation of risk and violation analytics to help Financial Services firms move from reactive mitigation to proactive identification and prevention, ultimately helping to meet FINRA’s expectations for proactive risk and compliance event identification and management.